WatchGuard Firebox 1000

More than just a VPN, the WatchGuard Firebox 1000 packs a full-featured firewall and content filter. This is convenient, but belt-and-suspenders types may not like having everything in one device, since that represents a single point of failure (you can purchase a second Firebox 1000 and configure it as a failover unit), and the products were only average performers in our testing. WatchGuard's $995 VPN Manager software should be part of WatchGuard's basic offering; trying to set up and manage the VPN service is terribly cumbersome and tedious without it (probably because WatchGuard has engineered its products with the firewall most in mind and therefore made the firewall settings more accessible).

Like most firewalls, the Firebox has three Ethernet interfaces. One interface connects to the private LAN and another to an Internet connection. The third interface can be used as a DMZ to host public e-mail and Web servers.

Initial setup and configuration was simple, thanks to a well-designed installation wizard. The wizard queries WatchGuard's Web site to see whether any software updates have been issued since the Firebox 1000 was built; if so, it automatically downloads and installs the updates. The registration process signs you up for WatchGuard's LiveSecurity update service, which downloads any new patches or firmware files when they become available.

The Windows-based Control Center provides an excellent suite of real-time monitoring, troubleshooting, and traffic history tools. The Firebox can maintain its own user database or obtain user name and password information from a variety of external sources, including a Windows NT or 2000 server, which can save administrators hours of work. Our only major complaint about the Control Center is that even relatively minor configuration changes require a reboot, which terminates all open connections.

WatchGuard sells the remote-client software, called Mobile User VPN, separately. Although the Firebox itself is reasonably priced, the $64-per-user fee for the software (for a 100-user license) made WatchGuard's product significantly more expensive than all but Cisco's offering for our sample company. Mobile User VPN is distributed as a single 3MB self-installing file and is very easy to set up.

WatchGuard recommended the Firebox 1000 for both our central office and branch office, but for very small sites and home users, the company offers the WatchGuard SOHO, a combination router, firewall, Ethernet switch, and VPN client. The unit is very easy to install and manage, and it can be maintained remotely using the VPN Manager software at the central office.

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

Les has been a contributing editor at PC Magazine since 1994 and a frequent contributor since 1990. Before joining PC Magazine, Les was founder and CEO of Crosstalk Communications, developers of the popular Crosstalk data communications program for PCs -- back in the days before the Internet made communications software obsolete. Prior to founding Crosstalk, Les was a Senior Technician and Videotape Editor at CBS News from 1976 to 1981 and a Cameraman and news editor at WTVJ-TV in Miami from 1972 to 1976. He graduated...
More »